<?php
/*******************************************************************************
 * $Date:: Jan 15, 2011 2:52:01 PM											   $
 * $Revision: 													               $
 * $Author:: Tuan Duong													       $
 * $Comment::															       $
 ******************************************************************************/ 

/**
 * Class description.
 * @package: Lua
 * @subpackage: Acl
 * @author: Tuan Duong <bacduong[at]gmail[dot]com>
 * @version: 
 */

class Lua_Acl {

    /**
     * @var array
     */
    private $groupIds = array();
    
    /**
     * @var array
     */
    private $permissions = array();

    /**
     * @var Lua_Acl
     */
    private static $instance = null;

    /**
     * Check permission of groups with the current Router
     * @static
     * @param  array $groupIds
     * @return void
     */
    private function __construct()
    {
        $this->init();
    }

    public function init()
    {
        $baseService = Lua_Service_Locator::getBaseService();
        $userService = Lua_Service_Locator::getUserService();
        $loggedUser = Lua_Util_Session::getLoggedUser();

        // Get list of groups
        if ($loggedUser->isEmpty()) {
            $groupIds = array(Lua_Constant_Database::GUEST_GROUP_ID);
        } else {
            $groupIds = $userService->getGroupIds($loggedUser->id);
        }
        $this->permissions = array();
        if (0 != count($groupIds)) {
            // Get acl list of user's groups
            $acls = $baseService->findAll('ipoo_acl', array('group_id IN (?)' => $groupIds));

            foreach ($acls as $acl) {
                $aclBean = new Lua_Bean_IpooAcl($acl);
                $this->permissions[] = $aclBean;
            }
        }
    }

    public static function getInstance()
    {
        if (null == self::$instance) {
            self::$instance = new Lua_Acl();
            Lua_Registry::set(Lua_Constant_General::LUA_ACL, self::$instance);
        }
        return self::$instance;
    }

    /**
     * Check current user can access to the URI specified by $router
     * @param Lua_Router_Abstract $router
     * @return bool
     */
    public function canAccess(Lua_Router_Abstract $router = null)
    {
        if (null == $router) {
            $router = Lua_Registry::get(Lua_Constant_General::LUA_ROUTER);            
        }
        $canAccess = false;
        foreach ($this->permissions as $aclBean) {
            if ($this->hasPermission($aclBean, $router)) {
                $canAccess = true;
                break;
            }
        }
        return $canAccess;
    }

    /**
     * Check current $router is allowed by ACL Bean
     * @param Lua_Bean_IpooAcl $aclBean
     * @param Lua_Router_Abstract $router
     * @return bool
     */
    private function hasPermission(Lua_Bean_IpooAcl $aclBean, Lua_Router_Abstract $router)
    {
        if ("*" == $aclBean->module) {
            return true;            
        }
        if ($aclBean->module == $router->getModule()) {
            if ("*" == $aclBean->controller) {
                return true;                
            }

            if ($aclBean->controller == $router->getController()) {
                if ("*" == $aclBean->action || $aclBean->action == $router->getAction()) {
                    return true;                    
                }
            }
        }
        return false;
    }
}
